CVE-2023-31007

Summary

CVE-2023-31007 is an Improper Authentication vulnerability affecting Apache Pulsar Broker versions through 2.9.4, 2.10.0 through 2.10.3, and 2.11.0. This vulnerability allows a client to remain connected to the broker even after authentication data expires, when the client connects through the Pulsar Proxy or directly to the broker using a specially crafted connect command, with the configuration param authenticateOriginalAuthData set to false. Apache Pulsar Broker users running versions 2.9.4 and earlier should upgrade to at least 2.9.5. Users with 2.10.0 through 2.10.3 and 2.11.0 should upgrade to at least 2.10.4 and 2.11.1, respectively. Users running the Pulsar Broker for 2.8.* and earlier are also advised to upgrade to one of the patched versions. This vulnerability can potentially allow unauthorized access to the affected Apache Pulsar Broker instances. Pulsar Broker users are encouraged to apply the relevant patches to mitigate the risk. Note: This summary is based on the provided information and is intended to be an objective and straightforward summary of the vulnerability. It should not be considered an exhaustive description or a substitute for the official CVE documentation or the vendor's advisory.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.